LinuxQuestions.org


Noerr 06-01-2002 03:24 AM

Damn spammers!!!
 
They are messing up my sendmail. My mail gets looped because they somehow include the email address
<>@mydomain.com and for some reason mail starts looping and fills up my var partition.

Any suggestions?
I rejected mail to
<>@mydomain.com
but need to check if <> aren't some special characters for access db

MasterC 06-01-2002 03:50 AM

Damn them all to hell!!! If you have less than 20 or so people, you could just setup their accounts exclusively.

Noerr 06-01-2002 11:27 AM

No, the problem is external abusers. They set up their spam so it appears to be from our local domain and use our sendmail to spam others, and we'll get blocked.

koningshoed 06-01-2002 12:56 PM

Use qmail (www.qmail.org). It's much easier to configure than sendmail (worked with both) and you can easily specify who is allowed to do what - which is what it seems your problem is. You can mail me with any questions (koningshoed@freemail.absa.co.za).

danrees 06-01-2002 02:36 PM

Postfix is also quite simple but powerful at the same time, and tries to be compatible with sendmail.

Noerr 06-01-2002 03:45 PM

I'm not sure; I put so much time into sendmail, and set it up with kav. But I'll have to give it a try.

MartBrooks 06-02-2002 05:08 AM

You could start using RBL databases to block these connections. I get exactly no spam whatsoever these days.

Regards

Noerr 06-02-2002 09:52 AM

You mean blackhole?
But the blackhole won't help if spammers are messing up mail headers so that sendmail accepts it as trusted mail and starts sending spam.

MartBrooks 06-02-2002 10:14 AM

Of course it will, as the initial connection will be refused before any sending of mail is done. Here's yesterday's reject log from my mail server:

2002-06-01 07:43:06 recipients from fep02.superonline.com [212.252.122.41] refused
------------------------------------------------------------------------------
2002-06-01 10:19:25 recipients refused from 122.reverse237.fmcf.fr [217.112.237.122] (RBL relays.osirusoft.com)
------------------------------------------------------------------------------
2002-06-01 19:12:04 recipients from fep02.superonline.com [212.252.122.41] refused
------------------------------------------------------------------------------
2002-06-01 20:08:08 recipients refused from 01-086.067.popsite.net [64.24.72.86] (RBL relays.osirusoft.com)
------------------------------------------------------------------------------
2002-06-01 21:10:19 recipients from [66.237.120.201] refused (failed to find host name from IP address)
------------------------------------------------------------------------------
2002-06-01 23:48:25 recipients from [66.180.237.58] refused (failed to find host name from IP address)
------------------------------------------------------------------------------
2002-06-02 01:46:00 recipients refused from lsmail6.oin2.com [65.118.64.251] (RBL relays.osirusoft.com)
------------------------------------------------------------------------------
2002-06-02 05:48:41 recipients from [210.187.6.26] refused (failed to find host name from IP address)
------------------------------------------------------------------------------
clues:/var/log/exim# cat rejectlog
2002-06-02 13:25:59 refused relay (host) to <areyoublind@aol.com> from <firstcomm1@china.com> H=adsl-32-102-242.bhm.bellsouth.net (mail.china.com) [67.32.102.242]
------------------------------------------------------------------------------
2002-06-02 13:25:59 refused relay (host) to <cutco@inbox.lv> from <firstcomm1@china.com> H=adsl-32-102-242.bhm.bellsouth.net (mail.china.com) [67.32.102.242]
------------------------------------------------------------------------------

Regards
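
A parser for the exim rejectlog format shown in the post above, written as an added example for this thread (it is not MartBrooks's code and not part of exim); the sample lines are constructed with documentation addresses and assume the same line shapes as the quoted log.

```python
import re
from collections import Counter

# Constructed sample in the shape of the exim rejectlog quoted above; the
# hosts and addresses are documentation ranges, not real indicators.
SAMPLE_LOG = """\
2002-06-01 07:43:06 recipients from mx1.example.net [192.0.2.10] refused
------------------------------------------------------------------------------
2002-06-01 10:19:25 recipients refused from dsl-1.example.org [198.51.100.5] (RBL rbl.example.test)
------------------------------------------------------------------------------
2002-06-01 21:10:19 recipients from [203.0.113.7] refused (failed to find host name from IP address)
------------------------------------------------------------------------------
2002-06-02 13:25:59 refused relay (host) to <victim@example.com> from <spoofed@example.net> H=dsl-2.example.org (mail.example.net) [198.51.100.5]
------------------------------------------------------------------------------
2002-06-02 14:00:00 refused relay (host) to <other@example.com> from <spoofed@example.net> H=dsl-2.example.org (mail.example.net) [198.51.100.5]
"""

TS = r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
IP = r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
# Most specific shapes first, so the generic "refused" line is the fallback.
PATTERNS = [
    ("rbl", re.compile(TS + r"recipients refused from (?P<host>\S+) " + IP
                       + r" \(RBL (?P<rbl>\S+)\)$")),
    ("no_rdns", re.compile(TS + r"recipients from " + IP
                           + r" refused \(failed to find host name from IP address\)$")),
    ("relay", re.compile(TS + r"refused relay \(host\) to <(?P<rcpt>[^>]*)> from <(?P<sender>[^>]*)>"
                         + r" H=(?P<host>\S+)(?: \((?P<helo>[^)]*)\))? " + IP + r"$")),
    ("refused", re.compile(TS + r"recipients from (?P<host>\S+) " + IP + r" refused$")),
]

def parse_line(line):
    """Return a dict describing one rejection, or None for separator/blank lines."""
    line = line.strip()
    if not line or line.startswith("----"):
        return None
    for kind, pat in PATTERNS:
        m = pat.match(line)
        if m:
            return dict(m.groupdict(), kind=kind)
    return {"kind": "unknown", "raw": line}   # keep unrecognised lines visible

def summarize(text):
    """Count rejections by reason, by client IP, and by envelope sender of relay attempts."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    return {
        "by_kind": dict(Counter(e["kind"] for e in events)),
        "by_ip": dict(Counter(e["ip"] for e in events if "ip" in e)),
        "relay_senders": dict(Counter(e["sender"] for e in events if e["kind"] == "relay")),
    }

if __name__ == "__main__":
    for key, counts in summarize(SAMPLE_LOG).items():
        print(key, counts)
```

Run it against a real rejectlog and an address that shows up both as an RBL hit and in repeated relay refusals is the one worth adding to a local block list.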

koningshoed 06-02-2002 01:54 PM

Or just set up a list of trusted IPs (obviously you know what the IPs of your LAN are). Then set up rules for who's allowed to relay any mail, and the rest will only be allowed to "deliver" mail to your system.

Noerr 06-02-2002 03:23 PM

I have customers on different ISPs so I can't just use a few IPs, but I think it's possible to fool sendmail just with headers in sendmail.

MartBrooks 06-02-2002 04:44 PM

So solve the problem, not the symptoms.

koningshoed 06-03-2002 02:46 PM

Ooh, that is bad. I don't know how hetzner does it (www.hetzner.co.za) but they require POP action before SMTP; in that way, you have to read your mail before you can send any. This will confirm your IP to the server, and then you can be sure that the user on that IP is in fact a user of your system (they managed to authenticate with POP). Hope you can find a package to do this (try telnetting into their SMTP server - most packages advertise in the header line).

Noerr 06-04-2002 05:20 AM

That's a good way of doing it, but how to explain to customers why they always get relaying denied if they forgot to check their mail?

koningshoed 06-04-2002 03:00 PM

That is not my problem. Perhaps have another net-detect utility that tries to connect to the server every minute to report the IP; if the program does not connect for 5 minutes, drop that IP from the list of allowed relayers? Just use ipchains or something similar to summarily block everyone you don't want - permitting your not anyone's mx entry :).
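
A model of the relay policy koningshoed describes across the last posts (a trusted LAN list plus a POP-before-SMTP window that expires), written as an added example for this thread rather than code from any poster, sendmail or qmail; the LAN range, the reference time and the 5-minute window are assumptions, and the local domain is the one from the original post.

```python
import ipaddress
from datetime import datetime, timedelta
# Assumptions for this example: the local domain from the thread, an invented
# LAN range, the 5-minute idle expiry suggested above, and a constructed clock.
LOCAL_DOMAINS = {"mydomain.com"}
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]
POP_WINDOW = timedelta(minutes=5)
T0 = datetime(2002, 6, 4, 9, 0)

class RelayPolicy:
    """Per RCPT TO: may the client relay, only deliver to us, or is it refused?"""

    def __init__(self, local_domains=LOCAL_DOMAINS, trusted_nets=TRUSTED_NETS, window=POP_WINDOW):
        self.local_domains = {d.lower() for d in local_domains}
        self.trusted_nets = list(trusted_nets)
        self.window = window
        self.pop_seen = {}          # client IP -> time of its last successful POP login

    def record_pop_login(self, client_ip, when):
        """Hook the POP server calls after a successful login (the POP-before-SMTP step)."""
        self.pop_seen[ipaddress.ip_address(client_ip)] = when

    def expire(self, now):
        """Drop entries idle longer than the window, the 'drop that IP' step above."""
        self.pop_seen = {ip: t for ip, t in self.pop_seen.items() if now - t <= self.window}

    def decide(self, client_ip, rcpt, now):
        ip = ipaddress.ip_address(client_ip)
        domain = rcpt.rsplit("@", 1)[-1].strip("<>").lower()
        if domain in self.local_domains:
            return "accept-local"   # inbound mail for our own users is always deliverable
        if any(ip in net for net in self.trusted_nets):
            return "relay"          # the LAN is trusted unconditionally
        last = self.pop_seen.get(ip)
        if last is not None and now - last <= self.window:
            return "relay"          # a recent POP login vouches for this address
        return "reject-relay"       # the 'relaying denied' a customer sees if they never fetched mail

def demo():
    """A remote customer before, inside, and after the POP window."""
    p = RelayPolicy()
    out = [p.decide("203.0.113.9", "someone@example.org", T0)]
    p.record_pop_login("203.0.113.9", T0)
    out.append(p.decide("203.0.113.9", "someone@example.org", T0 + POP_WINDOW))
    out.append(p.decide("203.0.113.9", "someone@example.org", T0 + 2 * POP_WINDOW))
    return out

if __name__ == "__main__":
    print(demo())
```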
